Original question: http://stackoverflow.com/questions/22365470/
Warning: this content is provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Launching Instance: VPC security groups may not be used for a non-VPC launch
Asked by QuickNull
I'm attempting to create an instance in another region, but I get this error:
AWS Error Code: InvalidParameterCombination, AWS Error Message: VPC security groups may not be used for a non-VPC launch
Here is the code I'm executing.
RunInstancesRequest instancereq = new RunInstancesRequest();
instancereq.setInstanceType("m3.medium");
instancereq.setImageId("ami-37b1b45e");
instancereq.setMinCount(1);
instancereq.setMaxCount(1);
ArrayList<String> secgroup = new ArrayList<String>();
instancereq.setKeyName("testkey");
secgroup.add("testdefault");
instancereq.setSecurityGroups(secgroup);
instancereq.setPlacement(getAzPlacement());
RunInstancesResult instanceresult = ec2.runInstances(instancereq);
I've also tried, instead of using the name "testdefault", using the actual groupid (sg-########), but I'll get an error saying that security group doesn't exist (which is wrong, it does). Which, based on the API doc, if using a non-default VPC, you should pass the actual groupid but I'll get an error like this:
InvalidGroup.NotFound, AWS Error Message: The security group 'sg-########' does not exist
If I use "default" as the setSecurityGroups it will use the default VPC. It just doesn't seem to like the groupid I'm passing, despite it being accurate.
Also, if I comment out the setSecurityGroups code, and use setSubnetId instead and pass the subnet id, it will create the instance just fine, but it goes into the "default" security group, not "testdefault" like I want.
All I'm trying to accomplish is creating an instance and having it use the already existing VPC group.
Accepted answer by slayedbylucifer
My Answer will focus on below statement:
All I'm trying to accomplish is creating an instance and having it use the already existing VPC group.
So, as I understand, you want to launch an instance in a non-default VPC and assign an existing VPC security group to it.
I am not a java guy, but I could do what you wanted in ruby as below.
require 'aws-sdk-core'

Aws.config = {
  :access_key_id => "my_access_key",
  :secret_access_key => "my_secret_key",
  :region => 'us-west-2'
}

ec2 = Aws::EC2.new

ec2.run_instances(
  min_count: 1,
  max_count: 1,
  image_id: 'ami-8635a9b6',
  instance_type: 't1.micro',
  placement: {
    availability_zone: 'us-west-2a'
  },
  network_interfaces: [
    {
      subnet_id: 'subnet-e881bd63',
      groups: ['sg-fd53bf5e'],
      device_index: 0,
      associate_public_ip_address: true
    }
  ],
  key_name: 'my-key'
).each do |resp|
  resp.instances.each do |x|
    puts x.instance_id
  end
end
Although this is Ruby code, it is pretty straightforward and should give you some clear hints on how to go about doing it in Java, as all these AWS SDKs are polling the same web service APIs.
I guess the things that you should be concentrating on in the above code are:
:region => 'us-west-2'

and

placement: {
  availability_zone: 'us-west-2a'
},
network_interfaces: [
  {
    subnet_id: 'subnet-e881bd63',
    groups: ['sg-fd53bf5e'],
    device_index: 0,
    associate_public_ip_address: true
  }
],
- Make sure you explicitly specify the region.
- Check how I have defined the subnet ID and security group ID. This code will launch my EC2 instance in subnet-e881bd63 of my VPC and will apply VPC security group ID sg-fd53bf5e to its 0th network interface. Besides, it will also assign a public IP address to my instance. (By default, it will not assign a public IP address when you launch instances in VPC.)
- FYI: when you launch instances in VPC, you must provide Security group ID instead of security group name.
Answer by Paul
This same error occurs using the command line program so I'm adding a separate answer helped by QuickNull. Simply make sure you specify the security group and subnet. For example:
aws ec2 run-instances --image-id ami-XXXXXXXX --count 1 --instance-type t1.micro --key-name XXXXXXXX --security-group-ids sg-XXXXXXXX --subnet-id subnet-XXXXXXXX
Answer by kenorb
Thanks to @slayedbylucifer for his ruby code, here's the java solution for reference:
// Creates an instance in the specified subnet of a non-default VPC and using the
// security group with id sg-1234567
ec2.runInstances(new RunInstancesRequest()
    ...
    .withSubnetId("subnet-1234abcd")
    .withSecurityGroupIds("sg-1234567"));
Answer by kenorb
You can't specify security group names for VPC launch (setSecurityGroups). For a non-default VPC, you must use security group IDs instead. See EC2 run-instances page (withSecurityGroupIds, or --security-group-ids from CLI).
When you specify a security group for a nondefault VPC to the CLI or the API actions, you must use the security group ID and not the security group name to identify the security group.
See: Security Groups for EC2-VPC
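
The rules from the answers above, collected into a pre-flight check on the same parameter hash that `run_instances` takes in the accepted answer. This is an added example, not code from the thread or from the AWS SDK: `vpc_launch_problems`, `SG_ID` and `SAMPLES` are hypothetical names, the check assumes the launch is meant for a non-default VPC, and the rule about mixing `network_interfaces` with instance-level subnet or groups comes from the EC2 API rather than from the answers.

```ruby
# Added example: pre-flight check for a run_instances parameter hash that is
# meant to launch into a non-default VPC. Names here are hypothetical.
SG_ID = /\Asg-\h+\z/ # shape of a security group ID, e.g. sg-fd53bf5e

def vpc_launch_problems(params)
  problems = []
  names   = Array(params[:security_groups])     # group names
  ids     = Array(params[:security_group_ids])  # instance-level group IDs
  nics    = Array(params[:network_interfaces])
  nic_ids = nics.flat_map { |n| Array(n[:groups]) }
  subnet  = params[:subnet_id] || nics.map { |n| n[:subnet_id] }.compact.first

  # Without a subnet the request is not a launch into the intended VPC.
  problems << "no subnet_id given" unless subnet
  # Names are not accepted for a non-default VPC, even if the string is an ID.
  names.each do |n|
    hint = SG_ID.match?(n.to_s) ? "move it to :security_group_ids" : "use its sg- ID"
    problems << "#{n.inspect} passed as a group name; #{hint}"
  end
  (ids + nic_ids).reject { |g| SG_ID.match?(g.to_s) }.each do |g|
    problems << "#{g.inspect} is not a security group ID"
  end
  # EC2 API rule: subnet and groups go on the instance or on the interface.
  if nics.any? && (params[:subnet_id] || ids.any? || names.any?)
    problems << "network_interfaces mixed with instance-level subnet or groups"
  end
  # Seen in the question: subnet only puts the instance in the default group.
  if subnet && (names + ids + nic_ids).empty?
    problems << "no security group given; instance joins the default group"
  end
  problems
end

# Constructed requests mirroring the thread.
SAMPLES = {
  "question, first attempt" => { security_groups: ["testdefault"] },
  "question, subnet only"   => { subnet_id: "subnet-e881bd63" },
  "accepted answer"         => { network_interfaces: [
    { subnet_id: "subnet-e881bd63", groups: ["sg-fd53bf5e"], device_index: 0 }
  ] }
}
SAMPLES.each { |label, req| puts "#{label}: #{vpc_launch_problems(req).inspect}" }
```

An empty result means the request names its subnet and its groups by ID in one place; the "default group" finding is the one to watch for, since it silently attaches whatever rules the VPC's default security group carries.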